Last Call Review of draft-schaad-smime-algorithm-attribute-
review-schaad-smime-algorithm-attribute-secdir-lc-wallace-2011-01-10-00
Request | Review of | draft-schaad-smime-algorithm-attribute |
---|---|---|
Requested revision | No specific revision (document currently at 05) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2011-01-18 | |
Requested | 2010-12-16 | |
Authors | Jim Schaad | |
I-D last updated | 2011-01-10 | |
Completed reviews |
Secdir Last Call review of -??
by Carl Wallace
|
|
Assignment | Reviewer | Carl Wallace |
State | Completed | |
Request | Last Call review on draft-schaad-smime-algorithm-attribute by Security Area Directorate Assigned | |
Completed | 2011-01-10 |
review-schaad-smime-algorithm-attribute-secdir-lc-wallace-2011-01-10-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This document looks good to me. I have a few minor comments and editorial suggestions. For consistency, I suggest the definitions of the signatureAlgorithm and macAlgorithm fields refer to the corresponding fields in SignerInfo and AuthenticatedData similar to the description of the digestAlgorithm field, i.e., refer to SignerInfo.signatureAlgorithm and AuthenticatedData.macAlgorithm. Though it doesn't really matter, given the requirement for one of signatureAlgorithm or macAlgorithm to be present, why not use a CHOICE and force the issue? In 3.2, change signature validation to MAC verification.